Srinivasu S R S Dhulipala (srinid) writes:
> With the above NAT-T and MOBIKE in the context, I've the following
> questions:
>
> 1) Can an IKE peer that migrated to 4500 for some reason migrate back to
> 500 later? Is that allowed?
If using MOBIKE it is very clear it cannot migrate back, as M
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions Working
Group of the IETF.
Title : IPv6 Configuration in IKEv2
Author(s) : P. Eronen, et al.
Filename
Hello,
The document was revised to address the comments received from the AD.
The diff is at
http://tools.ietf.org/wg/ipsecme/draft-ietf-ipsecme-ikev2-redirect/draft
-ietf-ipsecme-ikev2-redirect-11-from-10.diff.html
The Mobile IPv6-related text, that was in two different sections, has
been moved
Yaron Sheffer wrote:
> Hi Pasi,
>
> Sorry for the late reply.
>
> I believe most people would NOT expect a properly terminated
> (deleted) IKE SA to be resumed. To give one example, suppose I
> "downsize" a user and revoke his access rights. Today I will simply
> terminate (=delete) all his exis
I agree with Yaron that it should be the way it is now described in the draft.
If either side deleted the IKE SA, then it should not come back to life through
session resumption. Specifically, the client should not get reconnected without
authentication. The laptop example is excellent. If I clo
Hi all
version -02 of this private submission draft, with two additional co-authors
and some more use cases.
Enjoy
Yoav
From: i-d-announce-boun...@ietf.org [i-d-announce-boun...@ietf.org] On Behalf
Of internet-dra...@ietf.org [internet-dra...@ietf.org]
Hi Yoav,
Please find my inputs:
1. In section 3:
.
A supporting responder that advertised the VID payload in the
IKE_INIT response MUST process a modified IKE_AUTH request, and MUST
reply with a modified IKE_AUTH response. Such a responder MUST NOT
reply with a modified IKE_AUT
Hi Yoav,
On Thu, Jun 18, 2009 at 11:24 AM, Raj Singh wrote:
> Hi Yoav,
>
> Please find my inputs:
>
> 1. In section 3:
>
> .
>
>A supporting responder that advertised the VID payload in the
>IKE_INIT response MUST process a modified IKE_AUTH request, and MUST
>
>reply with a modi